The Remote Hacking of Android Phones Is Possible By GLitch

Must Read

Microsoft Warns Millions of Windows 10 Users, And It’s Scary!

Microsoft’s Windows 10 update worries seem to haven’t stopped even after they started to secretly offer Windows...

Facebook Falls Prey To Coronavirus: Cancels Global Marketing Summit 2020

The deadly Coronavirus outbreak seems to have now become the primary cause of the cancellation of another...

Microsoft Study Reveals Indians Have Become Less Digitally Civilised Than The Previous Years!

With the coming age of digital boom in India, more and more people have been gaining access...
Prakhar Tripathihttp://dazeinfo.com
Mechanically Engineer. All for tech, tech for all. Professional moment ruiner.

Android’s vulnerability is not something unfathomable. Despite, security researchers have finally discovered an effective way to hijack an Android phone remotely through a nearly four-year-old hacking technique known as ‘Rowhammer’. On Thursday, researchers from Vusec research group published a paper that unveils how the Rowhammer exploit, dubbed as GLitch, leverages embedded GPUs to remotely execute malicious code in Android phones.

GLitch is the very first example of remote Rowhammer exploit on ARM Android devices. The Rowhammer technique involves inducing electric leaks in memory (DRAM) which results in the flipping of individual bits in adjacent memory rows and thereby leaking content from them. This will make it easy for the attacker to remotely hack the smartphone without relying on a software tweak.

The technique gives the hacker more flexibility over previous methods that relied on CPUs. GLitch is the first Rowhammer attack that is based on Javascript, meaning it can be executed when a user does nothing more than visiting a malicious site.

Advertisements

GLitch gets its name as it uses WebGL programming interface for rendering graphics to trigger a known glitch in DDR3 and DDR4 memory chips, the reason behind the peculiar capitalization. The term Rowhammer was coined after hackers repeatedly accessed – or ‘hammered’ – specific rows of the memory chip and altered its data by changing ‘zeros’ to ‘one’, and vice-versa. This intended bit-flip gave them control of the system.

The researchers have shown their proof of concept attack that how GLitch loads a malicious javascript in the browser and remotely hacks the victim’s phone. And all this in less than 2 minutes. Though it can only run the malicious code within the privileges of the browser, meaning it can spy on user’s browsing habits or steal his credentials, but can’t gain deeper access to user’s Android phone. Currently, GLitch targets only the Firefox browser and smartphones running on Snapdragon 800 and 801 SoC. Although the exploit isn’t mature enough to have an immediate adverse effect on most end users, it works on Android phones like LG Nexus 5, HTC One M8 or LG G2.

Additionally, the researchers have said,” If you’re wondering if we can trigger bit flips on Chrome the answer is yes, we can. As a matter of fact, most of our research was carried out on Chrome. We then switched to Firefox for the exploit just because we had prior knowledge of the platform and found more documentation.

That being said, Google replied that the attack isn’t a practical threat to the vast majority of users. Also, the search engine giant mitigated this remote vector in Chrome on March 13 and its team is working to implement protection on other browsers. Mozilla is also updating Firefox to prevent Rowhammer attacks. Furthermore, the recent DDR4 smartphone memories offer a safeguard that prevents electric leakage from changing their values.

LEAVE A REPLY

Please enter your comment!
Please enter your name here
Advertisements

Latest News

LinkedIn Finally Rolls Out The Most Requested Feature By Users

Microsoft owned LinkedIn has recently been reported to have revamped its profile section with an amazing feature...

Google is Giving Microsoft a Taste of its Own Medicine

The latest version of the Microsoft Edge browser was launched about a month ago for Windows 10, Windows 8, Windows 8.1, and...

PhonePe Is Betting Big On The New Facility To Woo Smartphone Users And Merchants

The popular digital payments app PhonePe has recently been reported to launch a feature which is bound to solve their user’s cash...

Microsoft, Xbox, and One Small Mistake: Loss of $1 Billion

Microsoft Corporation (NASDAQ:MSFT) needs no introduction as it is one of the oldest players in tech space and dominated the industry undisputedly...

Facebook Without Mark Zuckerberg And Sheryl Sandberg?

Imagine Facebook without Mark Zuckerberg and Sheryl Sandberg, the current CEO and COO of the world's largest online social media network having...

Essential Email Marketing Features for eStore Owners That Generate Guaranteed ROI

Email marketing is essential and is a significant part of current digital strategies. Email marketing reigns supreme when you need to enhance...

In-Depth: Dprime

YouTube Should Have Bid Adieu To Dislike Button Much Earlier?

Online video sharing platform YouTube can be a ruthless place for content creators targeted by 'dislike mobs'. And the site owners totally understand that...

Facebook Has Pulled Off A Masterstroke By Integrating Its ‘Family Of Apps’?

It’s indeed hard to believe that ONE man sitting at Menlo Park, oversees how nearly a third of the world’s population interacts with each...

Facebook’s Crunch Conquest: By Relying Largely On The US Market, Is Facebook Running a Risk?

Two billion! That's Facebook, Inc. (NASDAQ: FB) for you - Right when you thought that this social-media giant has already connected the entire world, it's...

More Articles Like This